
Guide: Virus Removal 101

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,674 (3.80/day)
Location
Alabama
System Name Rocinante
Processor I9 13900ks
Motherboard EVGA z690 Dark KINGPIN
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 G95SC
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.
All set, it's done! As done as it can be for now anyway; I will add and remove things and evolve it as time goes on. I tried my absolute hardest to write this for a user; it was very difficult for me, so I apologise in advance for the length. But I can say that if you do read it in its entirety you may see security in a different light. I also kept the main disinfection procedure in one post for the occasional one-off send-to @Mussels was talking about. I hope I made it close to what everyone was hoping it would be! If it's not, well, who knows what the future holds! Back to ransomware mitigation on my core DCs.
 

johnspack

Here For Good!
Joined
Oct 6, 2007
Messages
5,960 (1.00/day)
Location
Nelson B.C. Canada
System Name System2 Blacknet , System1 Blacknet2
Processor System2 Threadripper 1920x, System1 2699 v3
Motherboard System2 Asrock Fatality x399 Professional Gaming, System1 Asus X99-A
Cooling System2 Noctua NH-U14 TR4-SP3 Dual 140mm fans, System1 AIO
Memory System2 64GBS DDR4 3000, System1 32gbs DDR4 2400
Video Card(s) System2 GTX 980Ti System1 GTX 970
Storage System2 4x SSDs + NVme= 2.250TB 2xStorage Drives=8TB System1 3x SSDs=2TB
Display(s) 2x 24" 1080 displays
Case System2 Some Nzxt case with soundproofing...
Audio Device(s) Asus Xonar U7 MKII
Power Supply System2 EVGA 750 Watt, System1 XFX XTR 750 Watt
Mouse Logitech G900 Chaos Spectrum
Keyboard Ducky
Software Kubuntu 23.10, Windows 10
Benchmark Scores It's linux baby!
Nice job including ADWCleaner in there. Very important browser trojan removal tool that finds stuff Malwarebytes etc. doesn't. Little known, and should be used!
 

Solaris17

Nice job including ADWCleaner in there. Very important browser trojan removal tool that finds stuff Malwarebytes etc. doesn't. Little known, and should be used!

100% agree, it's a great piece of software! It was very much included because of its ability; filling the gaps is what removal is all about!
 

johnspack

You do have to be a bit careful with it though; it thinks my profile buddy profile for Cyberfox is suspicious. I had to uncheck that....
 

stinger608

Dedicated TPU Cruncher & Folder
Joined
Nov 11, 2008
Messages
11,092 (1.99/day)
Location
Wyoming
System Name Dean Machine/2020 Ryzenfall
Processor Intel 4790K/AMD Ryzen 3700X
Motherboard MSI 1150 Gaming mATX/Gigabyte AORUS ELITE B550
Cooling Cooler Master Hyper 212 LED/SilverStone AH240 AIO
Memory 16 gigs Crucial Ballistix Tactical Tracer/16 gigs G.Skill TridentZ NEO DDR4
Video Card(s) Gigabyte 1660 Super/Gigabyte GTX 1660
Storage Crucial SSD 256 and 2TB spinner/Dual Samsung 980 Pro M2 NVME 4.0
Display(s) Overlord 27" 2560 x 1440
Case Corsair Air 540
Audio Device(s) On board
Power Supply Seasonic modular 850 watt Platinum/EVGA T2-850 Titanium
Software Windows 10 Pro/Windows 10 Pro
I am a little surprised that, in the software list, you don't have Malwarebytes or Superantispyware listed.
 

Solaris17

I do have it listed and go over it in disinfection (MBAM). I don't encourage people to use SuperAntiSpyware.
 
Joined
Aug 10, 2009
Messages
108 (0.02/day)
Location
Stockton, California
Processor Phenom II X6 1090T @ 4.1 Ghz/ 4790K (4.3Ghz but now @ STOCK)
Motherboard Cheap Biostar TA890FXE/ GA-B85N Phoenix-WIFI
Cooling Corsair H50/ Corsair H80i
Memory G. Skill Ripjaws 16gigs/ 16gigs of Ballistic Tracers
Video Card(s) HIS 6950 unlocked to 6970/ EVGA GTX 970 FTW
Storage 2 Corsair Force 80gigs SSD Raid 0(OS)*1.5TB Seagate 7200.11(Backup/Data)/ Samsung 850 EVO 500G mSATA
Display(s) 28 inch LG Flatron LCD/ 144hz Asus VG248 & LG 34UM57P Ultrawide
Case 8 dollar case I got from Frys/ INWIN 901 (mITX)
Audio Device(s) Onboard/ Onboard
Power Supply Corsair TX850W/ Cooler Master V700 80+ Gold
Mouse Razer Taipan (Battlefield 4 Edition)
Keyboard Razer BlackWidow Ultimate (Battlefield 4 Edition)
Software W7 Ultimate/ Windows 10 Pro
Is there a particular reason why you don't encourage people to use SuperAntiSpyware?
 

Mussels

Freshwater Moderator
Staff member
Joined
Oct 6, 2004
Messages
58,413 (8.25/day)
Location
Oystralia
System Name Rainbow Sparkles (Power efficient, <350W gaming load)
Processor Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard Asus x570-F (BIOS Modded)
Cooling Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s) Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage 2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s) Phillips 32 32M1N5800A (4k144), LG 32" (4K60) | Gigabyte G32QC (2k165) | Phillips 328m6fjrmb (2K144)
Case Fractal Design R6
Audio Device(s) Logitech G560 | Corsair Void pro RGB |Blue Yeti mic
Power Supply Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse Logitech G Pro wireless + Steelseries Prisma XL
Keyboard Razer Huntsman TE ( Sexy white keycaps)
VR HMD Oculus Rift S + Quest 2
Software Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores Nyooom.
Is there a particular reason why you don't encourage people to use SuperAntiSpyware?

I don't know anyone who uses it either; it's just not as good as Malwarebytes.
 
Joined
Aug 20, 2007
Messages
20,587 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
Hmm, normally after a hard/annoying virus/malware attack the best thing is just to reinstall, because your OS won't be the same afterwards.

There are times when that is neither preferable nor desirable, and/or you aren't the client making that call. Thus this guide.
 

Solaris17

Is there a particular reason why you don't encourage people to use SuperAntiSpyware?

I don't know anyone who uses it either; it's just not as good as Malwarebytes.

That should suffice for most people. It's just not a great product; a lot of users seem to also judge a lot of products by longevity. Unfortunately that is also a bad way to judge effectiveness. I didn't include it because the engine is weak and there are better products. That's all.
 
Joined
Nov 4, 2005
Messages
11,632 (1.74/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
I wrote a batch script a couple of years ago, as all the popular rootkit removers were being killed by a nasty piece of software; it renamed and launched TDSS from a new folder from the zip version. Not that it was hard to do at all, but it may help to add something like it to your program.

Excellent guide!!!

EDIT** Comodo: not sure of the community feel on it now. I am using it currently as Avast was proving to be a PITA; it used to be way more hardcore than it feels now, but it's still free, and has very little user interaction for the protection offered.
 

Solaris17

I wrote a batch script a couple of years ago, as all the popular rootkit removers were being killed by a nasty piece of software; it renamed and launched TDSS from a new folder from the zip version. Not that it was hard to do at all, but it may help to add something like it to your program.

Excellent guide!!!

EDIT** Comodo: not sure of the community feel on it now. I am using it currently as Avast was proving to be a PITA; it used to be way more hardcore than it feels now, but it's still free, and has very little user interaction for the protection offered.

Yeah, I liked Comodo; I haven't personally batteried them in a few years. I think I stopped because they bundled GeekBuddy or w/e their add-on is with it and I couldn't stand it, but I never had a problem with the detection rate in testing or personally. I like Avast too. Not sure how it's going to go with their purchase of AVG; I really hope they cool it on the bundle crap. Emsisoft is actually really good about that stuff, but they are a bit in your face with program execution.

That's a good idea I hadn't really considered; depending on how infected people are, some tools might not even launch. Maybe I'll prompt to ask if they are having trouble running utilities and run a name generation on the files downloaded. Not a bad idea.

And thanks! It was a fun piece to write.
 
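A worked version of the rename-before-launch idea from the two posts above, as an added PowerShell example (not the batch script mentioned in the thread, and not part of the guide): it copies whatever removal tool you point it at into a randomly named folder under a random file name, checks that the copy is byte-identical and that the original carries a valid vendor Authenticode signature, then launches the copy and cleans up afterwards. The tool path is assumed to be passed in as a parameter; no product-specific file names are used.

```powershell
# Added example, not from the thread: run a downloaded removal tool under a random
# name so malware that kills processes by their well-known executable name does
# not recognise it. $ToolPath is an assumed parameter (the .exe from the tool's zip).
param(
    [Parameter(Mandatory = $true)]
    [string]$ToolPath
)

if (-not (Test-Path -LiteralPath $ToolPath -PathType Leaf)) {
    throw "Tool not found: $ToolPath"
}

# Check the download before running anything: the vendor's Authenticode signature
# should be valid. A bad or missing signature means re-download, not run.
$sig = Get-AuthenticodeSignature -FilePath $ToolPath
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status for ${ToolPath}: $($sig.Status). Re-download it from the vendor before trusting it."
}

# Random folder and random base name; keep the .exe extension so it still launches.
$randomDir  = Join-Path $env:TEMP ([System.IO.Path]::GetRandomFileName().Replace('.', ''))
$randomName = [System.IO.Path]::GetRandomFileName().Replace('.', '') + '.exe'
New-Item -ItemType Directory -Path $randomDir | Out-Null
$copyPath = Join-Path $randomDir $randomName
Copy-Item -LiteralPath $ToolPath -Destination $copyPath

# Confirm the copy is byte-identical to the original before launching it.
$srcHash = (Get-FileHash -LiteralPath $ToolPath -Algorithm SHA256).Hash
$dstHash = (Get-FileHash -LiteralPath $copyPath -Algorithm SHA256).Hash
if ($srcHash -ne $dstHash) {
    throw "Copy does not match the original (SHA256 mismatch); aborting."
}

Write-Host "Launching renamed copy: $copyPath"
Start-Process -FilePath $copyPath -WorkingDirectory $randomDir -Wait

# Remove the renamed copy once the tool has exited.
Remove-Item -LiteralPath $randomDir -Recurse -Force
```

If the renamed copy also fails to start, the blocking is not name-based (a driver or hook is involved), and that is the point at which the guide's offline/rescue-media route is the better choice.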
Joined
Oct 2, 2004
Messages
13,791 (1.95/day)
I know some cleaning goes into specifics (ransomware and parasitic file infectors), but this guide is way too complicated to be useful, and for those for whom it's not too complicated, it's not really needed in the first place.

Basically you just have to make a cleanup scan with as many tools as possible to be sure. So, a list of tools and directions to download and run them all one by one. When none of them is showing any stuff left, then you're done. Then the user should ask what to do if malware borked up settings that may cause error dialogs to be displayed.
 
Joined
Oct 2, 2004
Messages
13,791 (1.95/day)
Yeah, I liked Comodo; I haven't personally batteried them in a few years. I think I stopped because they bundled GeekBuddy or w/e their add-on is with it and I couldn't stand it, but I never had a problem with the detection rate in testing or personally. I like Avast too. Not sure how it's going to go with their purchase of AVG; I really hope they cool it on the bundle crap. Emsisoft is actually really good about that stuff, but they are a bit in your face with program execution.

That's a good idea I hadn't really considered; depending on how infected people are, some tools might not even launch. Maybe I'll prompt to ask if they are having trouble running utilities and run a name generation on the files downloaded. Not a bad idea.

And thanks! It was a fun piece to write.

Their plan is to leave avast! and AVG brands and products as is and only merge stuff behind the scenes. So, avast! will get protection features from AVG and vice versa. This way they'll enhance protection for both, while not alienating existing userbase with dramatic changes to the interface or functionality.

Btw, stay away from Comodo. People behind this product are retarded children, to say the least. I won't lie, they have alright ideas, but their QA is a disaster, and don't you even dare question their methods or decisions, because they'll ban you from their forums simply for disagreeing with them or commenting negatively on their garbage. It's a freaking joke when developers start doing such crap. But if you praise them to death, they'll dance around in joy. Like w00t, I make criticism so shit gets sorted out, not to cluelessly bash a company. Most get that, Comodo doesn't. And after they needed like 2 months to address their lack of digital signatures on CIS drivers for the Win10 Redstone update, I knew they are a total mess. We are talking essential kernel drivers for real-time protection! avast! had a similar issue on some inessential browser cleanup driver and they fixed it in half a day. And when I criticized avast!, even very harshly, they were a bit sad I think at that moment, but they didn't ban me; instead they sorted out that stuff. That's how you fix stuff, not get butthurt like mad and start banning people. So, yeah, avast! over Comodo any time. In fact any product over Comodo...
 
Joined
Aug 17, 2015
Messages
45 (0.01/day)
Location
Greece
System Name Ryzen
Processor AMD RYZEN 5 3600 Six-Core Processor
Motherboard GIGABYTE B450 Aorus Pro
Cooling CoolerMaster MasterAir MA410P
Memory 2 x 8,00GB G Skill F4-3000C16S
Video Card(s) Sapphire RX 5700 pulse
Storage 512 GB Adata XPG Gammix S11 Pro (NVMe), 240 GB Intenso Sata III (SSD), 931 GB Western Digital (HDD)
Display(s) AOC G2590PX, Samsung Syncmaster 2233 RZ
Case Deepcool Matrexx 70
Power Supply Turbox 735W Power Series Modular
Mouse GENESIS NMG-0500 GX68 PROFESSIONAL LASER 3400DPI GAMING MOUSE
Keyboard Trust GXT 280
Software Windows 10 Pro 64-bit
Most of the time, when someone has Windows 8.1 or 10, I tell them that an AV is not important if they have low-end machines (which they mostly do), as Windows Defender is quite good. On Windows 7, Microsoft Security Essentials is really bad, so I suggest either AVG or Avast. Do you agree with my opinion/suggestion?
 
Joined
Apr 2, 2009
Messages
3,505 (0.64/day)
101:

1. Don't click random links. If you must, inspect the link. If you must go, go there with NoScript and ad-blocking add-ons on.
2. Be careful of where you download your porn.
3. Be careful of torrents you download.
4. Quit using cracks.
5. Quit visiting weird sites.

I haven't had a virus issue for ... forever.
 

Solaris17

Most of the time, when someone has Windows 8.1 or 10, I tell them that an AV is not important if they have low-end machines (which they mostly do), as Windows Defender is quite good. On Windows 7, Microsoft Security Essentials is really bad, so I suggest either AVG or Avast. Do you agree with my opinion/suggestion?

Hm, this is a very subjective question, since you already seem to have some predispositions.

MSE and Windows Defender are actually identical products. They differ a little, but it's mostly the engine and its ability to be "baked in" to the OS. The definitions are for the most part the same. The detection rates and, more importantly, the engine itself and its removal ability are very much subpar.

However, the enterprise product, System Center Endpoint, has better luck, but the engine is not the same one as the consumer edition; though the definitions are the same, they are updated more frequently, at least the last time I looked.

The trade-off with MSE/WinDef is that the usability is fantastic. Honestly people could not ask for an easier interface. The system resource usage is also pretty great.

Plainly speaking, for an all-around product it simply doesn't cut it. Not in the slightest. It also unfortunately does not remove heavier infections easily, if at all. Normally the success you see with it is malware/junkware related.

Now, however, usability and functionality are important, especially to users. For someone that browses the internet casually and checks email it will probably be fine. For those that consume a lot of online media and files I wouldn't recommend it.

I can't agree at all regarding AV not being important. I think it's even more important today than it was years ago. Several years ago it was as simple as what some of the others have said.

-watch what you go to
-watch what you download

Etc., etc. The plain truth, though, is that this is a logical fallacy. You cannot trust everything you get online. You also can't trust a "source" because it hasn't presented issues before. The landscape has changed dramatically, and while it isn't some kind of web apocalypse, anyone who thinks they are somehow immune to viruses because they "trust" their favorite illegal download site will probably get bit eventually. More and more infections today are coming through channels that aren't even normally monitored. Malvertising campaigns can spread malware to your browser and the site might not even know. Let's take a look at Ask Jeeves recently.

https://www.carbonblack.com/2017/03...general-tools-sophisticated-targeted-attacks/

Of course LastPass was also just compromised.

Yahoo was breached 3 weeks ago IIRC.

This is relevant because you have to understand: it isn't about emailing you an attachment or letting you download some shady file. Why attempt to infect you if you're on the lookout when they can just break into your favorite site's servers?

Of course, I am not arguing with you! I am just here to enlighten a few with some information. If you love MSE and have never had a virus, great! Don't go online? Don't need one! Don't think you need one? More power to you.

I analyze the threat landscape, test tooling and study the effects of malware on operating systems. Among other things I practice how to circumvent them.

Not a prophet and this isn't some kind of religion.
 
Joined
Aug 17, 2015
Messages
45 (0.01/day)
Hmmm, seems that the more technology advances, the more you have to protect yourself from the attackers. It's been years since I last used an AV and since I had any serious issues with viruses, as I know the dos and don'ts of surfing online and I regularly scan for viruses with most of the programs you mentioned above (gonna start using all of them, in the order you mentioned).

Every time a friend of mine shows me his laptop, saying it's slow, the first thing I do is check for viruses, then I check the number of processes that run in the background and also see what they do. Most of the time, the laptop is clean, almost a fresh install, but the problem is that it has an AV and some manufacturer applications that slow it down. How can an i3-5005U and 4 GB of RAM not get slowed by an AV (most systems today run Windows 8.1 or 10, which are not very light either)?

So I ask him how he uses it, and if the answer is to browse Facebook/YouTube and watch movies, I prefer to uninstall the AV and once in a while look at it to search for any viruses. Of course, I tell him that it's not safer than before, but there are not many ways to speed up a low-end computer (most of the time, I also disable BITS and Superfetch). If someone who I don't personally know asks me whether or not to have an AV, most of the time I tell him my opinion about all this, and if he believes he needs an AV, I recommend AVG or Avast to him, as I already mentioned.

I know that you are not arguing; I am asking to learn. I am studying Computer Engineering in one of the best universities in Greece, so any additional info about what I love is more than welcome.
 

Mussels

Win 10's Defender is just good because it can't be disabled; as much as that annoys me as a power user, it's fantastic because it stops the general public from turning it off: "my free game won't work! stupid antivirus!"

I use Avast these days and quite like it; as far as free antivirus goes, it's not very annoying with upgrade popups to the paid version and not system-heavy.
 
Joined
Oct 18, 2007
Messages
1,288 (0.22/day)
System Name Firebird
Processor Intel i7 2600K @5.0'ish 24/7 stock core Voltage {5.2 w/102 bCLK}
Motherboard Intel Extreme DZ68BC SkullTrail Z68 Cougerpoint, Excellent MCH !
Cooling Scythe NINJA PLUS Rev.B[skt478] Modded to 1155 Scythe SH12 fan
Memory Samsung 32nm 16Gb 4x4 (@19xxmhz} low profile[ better than 2133 banwidth]
Video Card(s) Gigabyte Aurosus 1080Ti
Storage Intel 512 SSD,Samsung 9701Tb, Toshiba 3Tbx2,Hitachi 320,1TBx2,'Cuda 400 7200.10, WD1TBUSB,to SATA
Display(s) Acer K272HUL 1440 27" WQHD, Samsung 226W, Vizio M60C3 4K 60",Vizio XVT3D554SV
Case CoolerMaster HAF 932
Audio Device(s) Intel 10ch[9+1] HD Audio X540> Pioneer VSX39TX[copper chasis,Rosewood sides 5x6LCD remote
Power Supply Seasonic X750 @ 24/7
Mouse Logictech G300s
Keyboard Saitek Cyborg v7
Software Windows 7 ROG E3 X64 by Neuropass/tweakscene
Benchmark Scores 4642@665/1600 220/GAT F1 4544 220/667strap 2.5/3/2/6 Bliss 650/1500 6490 Q6700 Bliss 690/1500
Plainly speaking for an all around product it simply doesn't cut it.

I think it's even more important today than it was years ago

The landscape has changed dramatically

Yahoo was breached 3 weeks ago
As always, Solaris, great write-up :toast: :rockout:
This may explain a couple of issues I've had the last few days! At some point after closing IE it will not respond after opening. Opens up and nada, just blank as blank, even the toolbar not responding. Can open tabs; they stay blank also.
Nothing gets detected by Malwarebytes Pro & Anti-Exploit Premium, S&D, SpywareBlaster, but HitmanPro will give me a detection; then I just go manually remove from there.
Now I do visit adult sites, have for over 20 years; rarely do I get hit super bad, but in most cases of hard to remove, good ole format!
This is not about IE, Yahoo or whatnot; I've had issues with all the browsers. I'm an old fucker so I completely understand the issues of adult or warez sites. Let's not debate those merits.
Nowadays it has got very crafty at intruding into a system. Sure, I could just not go places, but my choice.
I've had real good luck with Comodo for over a decade, but it seems I will need to tighten up on its permissions. Still I need to find just how the crafty lil evil is getting by.

fdudutfwtrqhardoand and GDIPFONTCACHEV1 with DMR 72 exe were the culprits found in VTRoot admin AppData Local Temp, but I can't connect where I was when it got there.
 

Solaris17

I updated the tools script and added a more in-depth DNS section under wrap-up and mitigation. Further updates to come now that I can edit my posts. Thank you @W1zzard and super mods!
 
Joined
Feb 20, 2007
Messages
372 (0.06/day)
Location
Where the beer is good
System Name Karl Arsch v. u. z. Abgewischt
Processor i5 3770K @5GHz delided
Motherboard ASRock Z77 Professional
Cooling Arctic Liquid Freezer 240
Memory 4x 4GB 1866 MHz DDR3
Video Card(s) GTX 970
Storage Samsung 830 - 512GB; 2x 2TB WD Blue
Display(s) Samsung T240 1920x1200
Case Bitfenix Shinobie XL
Audio Device(s) onboard
Power Supply Cougar G600
Mouse Logitech G500
Keyboard CMStorm Ultimate QuickFire (CherryMX Brown)
Software Win7 Pro 64bit
I've been using Avast (free version) for years (besides ad blockers and brain.exe) and was always very happy with it until ~1 year ago, and now I've reached the point where I'm really considering a change. This thing has got really bloated over the years.

They try to incorporate so much shit ... last year they tried to introduce/sneak in a browser add-on with shopping tips (not sure if it's still a thing; I dodged it), then there is a "Software Updater" (fuck that shit) and, most annoying, some kind of "performance tool" that detects "issues" (but doesn't mention what they are) and wants you to start the cleanup/optimization (click "Start") while giving you no info about what it intends to do. Ofc I've avoided pressing that button; god knows what kind of trouble that would cause.

So I would reconsider your recommendation for that AV suite at the end of the guide. Otherwise really great work.
 

Solaris17

I've been using Avast (free version) for years (besides ad blockers and brain.exe) and was always very happy with it until ~1 year ago, and now I've reached the point where I'm really considering a change. This thing has got really bloated over the years.

They try to incorporate so much shit ... last year they tried to introduce/sneak in a browser add-on with shopping tips (not sure if it's still a thing; I dodged it), then there is a "Software Updater" (fuck that shit) and, most annoying, some kind of "performance tool" that detects "issues" (but doesn't mention what they are) and wants you to start the cleanup/optimization (click "Start") while giving you no info about what it intends to do. Ofc I've avoided pressing that button; god knows what kind of trouble that would cause.

So I would reconsider your recommendation for that AV suite at the end of the guide. Otherwise really great work.

I haven't gone back over it, but when I wrote the guide they had not yet acquired AVG. It's already on the list to go back over! Thanks! :toast:
 

Solaris17

Hey Everyone! Bit of an update, with a bit of a prod from @revin and @Norton. I wanted to do a short write-up about the latest in headlining crypto crazes. Today we will go over "NotPetya/Goldeneye", a ransomware variant that was thought to be a revision of Petya but, unlike its namesake, harbors multiple escalation techniques and includes EternalBlue code, which the widely known "WannaCry" strain used.

For those that want to go into it, Microsoft actually has a decent write-up here.

NotPetya, like other forms of new ransomware, has incredibly high infection rates. Not only are these viruses able to damage sensitive or otherwise important data, but they also generally carry the ability to infect entire networks of machines and are capable of infecting a host in multiple ways.

This is dangerous because such infections are not easily mitigated by patching "one hole" but instead are defended against using a layered security approach, such as being fully patched and having security software. However, that isn't to say that you are immune even if your system is in tip-top shape; these infections are dangerous and can fell even the newest of systems. With more likely to appear as ransomware becomes ever more popular, it's important to keep these things in mind.

  • Make sure your PC is FULLY patched, at least once a month
  • Make sure you are using some kind of active protection
  • Make sure you and other users in your environment are security aware; you don't have to be the weakest link to be hit (remember these infections can span networks)
  • Keep separate backups of your important documents. External is best.
With these things in mind and NotPetya on the rise, there is hope. Much like WannaCry 1.0's domain kill switch, there is a way to "vaccinate" yourself against NotPetya. Now this doesn't mean the infection cannot spread and doesn't mean that your machine can't be exploited. However, Amit Serper has found a way to stop the ransomware from infecting the host it has managed to exploit. It seems the infection looks for a specific file in C:\Windows and, if it is found, halts the encryption process. With the secret now in the wild, Lawrence Abrams of Bleeping Computer was able to piece together Amit's technique into a batch file that can be run to create the necessary files needed to stop NotPetya.

While the files help prevent the infection, I must stress it does not prevent the machine from being broken into. That said, it should be noted that lateral movement of the infection seems dependent on EternalBlue, and exploits to machines that run in domain environments. While end users that are NOT part of a domain don't necessarily need to worry about those methods of exploitation, they do need to make sure they are patched for the same SMB 1.0 bug that EternalBlue and DoublePulsar used.

This is an ongoing report; NotPetya is still being analysed and its characteristics understood. Remember there are HUNDREDS of ransomware variants in the wild, not just what catches your eye in the headlines.

Stay safe out there.
 
Last edited:
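The vaccine step and the SMBv1 point from the post above, written out as an added PowerShell example. This is not the batch file the post refers to and not Solaris17's code. The post only says "a specific file in C:\Windows"; the names used here (perfc, perfc.dat, perfc.dll) are the ones Lawrence Abrams' batch file created, and the script assumes an elevated session on Windows 8.1/10 where the DISM cmdlets exist (on Windows 7 the SMBv1 feature query is skipped).

```powershell
#Requires -RunAsAdministrator
# Added example, not the batch file from the post: create the NotPetya
# "vaccine" files read-only in the Windows directory, then report whether
# the host is still exposed to EternalBlue-style spreading (SMBv1 enabled)
# and whether it is domain-joined (credential-based spreading in the post).
[CmdletBinding()]
param(
    [string]$WindowsDir = $env:SystemRoot,
    # Assumption: the file names Abrams' batch file used; the post names none.
    [string[]]$VaccineNames = @('perfc', 'perfc.dat', 'perfc.dll')
)

function New-VaccineFile {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path -Force | Out-Null
    }
    # Read-only so the marker is not removed by a careless cleanup tool.
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true
    Get-Item -LiteralPath $Path
}

$created = foreach ($name in $VaccineNames) {
    New-VaccineFile -Path (Join-Path -Path $WindowsDir -ChildPath $name)
}
$created | Select-Object FullName, IsReadOnly, Length | Format-Table -AutoSize

# The vaccine only stops the encryption stage on this host. Lateral movement
# via EternalBlue still needs SMBv1 reachable, so surface that separately.
$smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($null -eq $smb1) {
    Write-Host 'SMB1Protocol feature not queryable on this OS; verify MS17-010 manually.'
} elseif ($smb1.State -eq 'Enabled') {
    Write-Warning 'SMBv1 is enabled. Confirm MS17-010 is installed and consider: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol'
} else {
    Write-Host 'SMBv1 feature is disabled.'
}

# Domain-joined hosts are the ones exposed to the domain-based spreading the post mentions.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Write-Host ('Domain joined: {0} ({1})' -f $cs.PartOfDomain, $cs.Domain)
```

Run it from an elevated PowerShell prompt. Creating the files is cheap and reversible (clear the read-only bit and delete them), but as the post says it does nothing about the initial compromise: the SMBv1 and domain checks at the end are there so the vaccine is not mistaken for a patch.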
Joined
Oct 17, 2012
Messages
9,781 (2.36/day)
Location
Massachusetts
System Name Americas cure is the death of Social Justice & Political Correctness
Processor i7-11700K
Motherboard Asrock Z590 Extreme wifi 6E
Cooling Noctua NH-U12A
Memory 32GB Corsair RGB fancy boi 5000
Video Card(s) RTX 3090 Reference
Storage Samsung 970 Evo 1Tb + Samsung 970 Evo 500Gb
Display(s) Dell - 27" LED QHD G-SYNC x2
Case Fractal Design Meshify-C
Audio Device(s) on board
Power Supply Seasonic Focus+ Gold 1000 Watt
Mouse Logitech G502 spectrum
Keyboard AZIO MGK-1 RGB (Kaith Blue)
Software Win 10 Professional 64 bit
Benchmark Scores the MLGeesiest
That was really cool of you to put Your time/work into this... thank you I appreciate it

:toast:
 
Top